← 返回 Skills 市场
590
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-macos-always-on
功能描述
Run OpenClaw as a system-level LaunchDaemon on macOS for 24/7 operation, surviving screen lock, logout, and user switching. Uses caffeinate to prevent sleep....
安全使用建议
This package will run OpenClaw as a system LaunchDaemon (requires sudo) which is consistent with its goal, but take these precautions before installing: 1) Inspect the install.sh and the plist yourself instead of piping curl | bash from an unfamiliar GitHub account. 2) Do NOT allow the gateway token to be written into a world-readable plist. If you must set a token, store it in a file with restrictive permissions (600 owned by you) or use launchctl to set environment variables at runtime, or better, use the macOS Keychain and have the service retrieve it securely. 3) If you don't need system-wide uptime (survive logout), prefer a LaunchAgent (no sudo) to reduce privilege and exposure. 4) Be aware caffeinate prevents system sleep and may harm laptop battery life. 5) If you proceed, change /Library/LaunchDaemons/ai.openclaw.gateway.plist permissions to restrict access or remove the OPENCLAW_GATEWAY_TOKEN from the plist and inject it at service start with a safer mechanism. If you want, I can suggest a safer plist pattern or a modified install script that avoids storing secrets in a world-readable file.
功能分析
Type: OpenClaw Skill
Name: openclaw-macos-always-on
Version: 1.0.1
The skill is designed to install OpenClaw as a macOS LaunchDaemon for 24/7 operation, which requires system-level persistence and `sudo` privileges. While its stated purpose is legitimate, it is classified as suspicious due to several high-risk behaviors: it installs a system-wide service (`/Library/LaunchDaemons/ai.openclaw.gateway.plist`), uses `sudo` for installation, and embeds the `OPENCLAW_GATEWAY_TOKEN` (a sensitive credential) directly into the plist file. Although the `SKILL.md` documentation transparently discusses these security considerations and the service runs as the user (not root), the direct handling of a sensitive token in a file and the establishment of system-level persistence represent significant vulnerabilities if the system is compromised, even without clear evidence of malicious intent for self-exploitation or exfiltration to external parties.
能力评估
Purpose & Capability
The declared purpose (run OpenClaw as a system LaunchDaemon that survives lock/logout) matches the instructions and the included install.sh: it creates a /Library/LaunchDaemons plist, wraps the node process with caffeinate, and bootstraps the service. Requiring sudo for installation and locating node/OpenClaw binaries is coherent with the stated goal.
Instruction Scope
Runtime instructions focus on creating and installing a LaunchDaemon, stopping user LaunchAgents, and verifying lock-screen behavior. The installer reads local OpenClaw configuration (openclaw config get gateway.auth.token) and writes system-level files; it does not appear to collect unrelated system data. However the instructions do recommend piping a remote install.sh via curl|bash (from a personal GitHub repo) which broadens the scope of trust.
Install Mechanism
The skill is instruction-only but includes an install.sh. The README/SKILL.md suggest a one-line curl|bash from raw.githubusercontent.com (a common host). That pattern is common but inherently risky: running remote scripts without review can execute arbitrary code. The included install.sh itself performs privileged operations but is contained in the package for inspection.
Credentials
The installer retrieves the OpenClaw gateway token and writes it into the plist's EnvironmentVariables (OPENCLAW_GATEWAY_TOKEN). The plist is installed at /Library/LaunchDaemons with permissions set to 644 (root:wheel), making the token readable by all local users — disproportionate exposure of a secret. Persisting sensitive tokens in a world-readable system file is a clear security risk. (No unrelated credentials are requested otherwise.)
Persistence & Privilege
The skill asks to create a system LaunchDaemon (requires sudo) and sets aggressive keepalive/throttle settings and caffeinate to prevent sleep — appropriate for 24/7 operation but impactful for battery and system policies. The combination of system-level persistence plus storing a gateway token in a world-readable system file increases the blast radius if other local users or processes can read that file.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-macos-always-on - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-macos-always-on触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Add Chinese README (README.zh-CN.md) for Chinese-speaking users
v1.0.0
Initial release: LaunchDaemon + caffeinate for 24/7 macOS operation. Verified on macOS 14.4.
元数据
常见问题
OpenClaw macOS Always-On 是什么?
Run OpenClaw as a system-level LaunchDaemon on macOS for 24/7 operation, surviving screen lock, logout, and user switching. Uses caffeinate to prevent sleep.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 590 次。
如何安装 OpenClaw macOS Always-On?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-macos-always-on」即可一键安装,无需额外配置。
OpenClaw macOS Always-On 是免费的吗?
是的,OpenClaw macOS Always-On 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw macOS Always-On 支持哪些平台?
OpenClaw macOS Always-On 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw macOS Always-On?
由 happy dog(@happydog-intj)开发并维护,当前版本 v1.0.1。
推荐 Skills